
Indian Railways, with its vast network, its critical role in transportation, and its place as the 'vahan' of the poor, is a potential target for cyberattacks. Its dependency on IT and ICT makes the system vulnerable to cyber attacks and cyber sabotage. Implementation of collaborative, predictive, and proactive OT security measures is hence crucial to ensure the safety and security of passengers, infrastructure, and operations. The recent rail accidents in India highlight the ongoing challenges faced by Indian Railways in ensuring safety and the need for continued efforts to improve infrastructure, technology, and safety protocols. These measures are never complete without cyber security measures, which need to be co-opted alongside the others. Collaboration between railway companies, cybersecurity vendors, government agencies, and other stakeholders can also help ensure cyber-secure operation of Indian Railways. Sharing threat intelligence, developing common standards, and collaborating on cybersecurity strategies can significantly improve the industry's overall resilience to attacks.
- Collaboration:
  - Information Sharing: Establish platforms for real-time threat intelligence sharing with other railway operators globally, cybersecurity agencies (like CERT-In/NCIIPC), and research institutions. This enables proactive identification and mitigation of emerging threats.
  - Joint Response Teams: Form collaborative incident response teams with experts from various domains (IT, OT, law enforcement) to ensure coordinated and effective handling of cyber incidents.
  - Public-Private Partnerships: Foster partnerships with cybersecurity companies to leverage their expertise, tools, and technologies for enhanced threat detection and prevention, thereby leading to a safer railway.
  - AI-powered signaling systems: Implement AI algorithms to monitor signaling systems for anomalies and predict potential failures, preventing accidents caused by cyberattacks.
  - Secure train control systems: Utilize encryption and authentication mechanisms to secure communication between train control systems and prevent unauthorized access or manipulation.
  - Move beyond reactive security measures and shift towards proactive and predictive approaches. This involves using data analytics and machine learning to identify potential threats and vulnerabilities before they can be exploited.
  - Establishment of a Sandbox Laboratory: By embracing the concept of sandboxes in various forms, Indian Railways can foster innovation, improve safety, and enhance the efficiency of its operations. SCADA testing and validation can also be carried out in the Sandbox Laboratory.
  - Establishment of an Exclusive CERT-RAILWAYS IN: Setting up a dedicated CERT specifically for railways would play a crucial role in enhancing cybersecurity and ensuring the safe and reliable operation of railway systems.
  - Internal RED TEAM: Establish a standing red team office and keep its exercises running on a continuing basis.
- Prediction Measures:
  - AI-powered Threat Detection: Deploy AI and machine learning algorithms to analyze network traffic, identify anomalies, and predict potential cyberattacks before they impact critical systems.
  - Vulnerability Assessment and Management: Utilize predictive analytics to identify vulnerabilities in OT systems and prioritize patching and mitigation efforts based on risk.
  - Digital Twins: Create virtual replicas of critical railway infrastructure to simulate cyberattacks and assess their potential impact, enabling proactive development of countermeasures.
- Proactive Measures:
  - Zero Trust Security: Implement a Zero Trust architecture where every user, device, and connection is verified, minimizing the impact of unauthorized access and lateral movement within the network.
  - Microsegmentation: Divide the OT network into smaller, isolated segments to limit the spread of malware and contain the impact of security breaches.
  - Security Information and Event Management (SIEM): Deploy SIEM solutions in a highly sensitive, operational SOC to collect, analyze, and correlate security logs from various OT systems, providing real-time visibility into potential threats. Automation and orchestration tools deployed alongside SIEM can help streamline security operations, improve efficiency, and reduce response times. Automating tasks such as vulnerability scanning, patch management, and incident response can free up security personnel to focus on more strategic initiatives.
  - Intrusion Detection and Prevention Systems (IDPS): Implement IDPS solutions with AI integration, specifically designed for OT environments, to detect and prevent malicious activity targeting critical infrastructure.
  - Regular Security Audits and Penetration Testing: Conduct periodic security audits and penetration testing to identify vulnerabilities and assess the effectiveness of security controls.
  - Red Teaming: Employ ethical hackers to simulate real-world cyberattacks and identify weaknesses in the security posture.
- Convergence of IT and OT Security:
  - Traditionally, IT and OT security have been managed separately. However, with the increasing interconnection of these systems, there is a growing trend towards converging security practices. Integrating systems like signaling, train control, and passenger information with IT infrastructure demands a converged security approach, which requires breaking down silos between IT and OT teams. This means shared responsibility, unified security policies, and coordinated incident response.
  - This involves sharing threat intelligence, coordinating incident response, and implementing unified security policies across both IT and OT environments.
  - SCADA security should be addressed by Railways through a dedicated, exclusive strategy.
- Increased Use of Threat Intelligence:
  - Devise a methodology for collecting threat intelligence, and develop systems that turn that intelligence into actionable countermeasures and proactive actions.
  - Collaboration between railway operators, cybersecurity firms, and governments to share real-time information on threats and vulnerabilities. Sharing threat intelligence among organizations and within the industry is crucial for staying ahead of cyber threats.
  - Active participation in global platforms (like RailISAC), partnerships with cybersecurity providers (like the recent RailTel-Cylus collaboration), and knowledge sharing with international railway organizations.
- Zero Trust Security:
  - The Zero Trust model assumes that no user or device can be trusted by default and requires verification at every access point.
  - Indian Railways needs to design and adopt its own Zero Trust Security Framework.
  - This approach is gaining popularity as it helps reduce the attack surface and limit the impact of security breaches.
  - Implementing Zero Trust principles can significantly enhance the security of critical systems and data. Implementing Zero Trust for both IT and OT networks is crucial, especially given the increasing connectivity and remote access needs.
- Emphasis on Resilience and Recovery:
  - Build robust backup and recovery mechanisms, redundancy in critical systems, and regular disaster recovery drills to minimize downtime after an attack. Building resilience into OT systems is essential for ensuring continuity of operations in the event of a cyberattack.
  - This involves implementing robust backup and recovery mechanisms, designing systems with redundancy, and conducting regular disaster recovery drills.
  - Given the essential nature of the service, rapid recovery is critical. This includes redundant systems, fail-safes, and well-rehearsed incident response plans. Developing comprehensive incident response plans and investing in resilient infrastructure are crucial for maintaining operational continuity.
- Leveraging Cloud Technologies for Security:
  - Cloud-based security solutions can provide scalability, flexibility, and cost-effectiveness.
  - Utilization of cloud-based security information and event management (SIEM) platforms, threat intelligence feeds, and other security tools to enhance the security posture.
- Growing Importance of Cybersecurity Training and Awareness:
  - Human error remains a significant factor in cybersecurity incidents and cannot be neglected at any cost.
  - Educating staff about cybersecurity best practices, promoting a security-conscious culture, and conducting regular drills can significantly reduce the risk of human error. Collaborative training of all employees, from station staff to engineers, is essential. Targeted training programs focusing on OT security, phishing awareness, and safe internet practices are crucial.
By implementing these collaborative, predictive, and proactive OT security measures, Indian Railways can enhance its cybersecurity posture, protect critical infrastructure, and ensure the safety of passengers and operations. Compliance with standards such as IEC 62443 and the NIST Cybersecurity Framework can help improve its security posture and demonstrate its commitment to cybersecurity.
Major undesirable train incidents in the recent past
Unfortunately, 2023-24 saw a number of untoward train accidents in India. Here's a list of the major incidents:
- 02 June 2023: Balasore train collision – Three trains were involved in a collision near Bahanaga Bazar station in Balasore district, Odisha. While the initial cause was attributed to a signaling error, the investigation is still on. The Coromandel Express, a passenger train, collided with a stationary goods train. The impact caused several coaches of the Coromandel Express to derail and collide with the oncoming Yesvantpur-Howrah Superfast Express on an adjacent track. The accident resulted in at least 296 deaths and over 1,200 injuries.
- 17 October 2023: Agartala-Lokmanya Tilak Express Derailment (Assam): Eight coaches of this train derailed in Assam; no casualties were reported.
- 01 December 2023: Surat-Puri Express Derailment (Odisha): This derailment resulted in minor injuries but again brought attention to track safety, particularly after the Balasore tragedy.
- 28 February 2024: Jamtara train accident – Passengers of the Anga Express disembarked while the train was stopped and were tragically run over by a local train travelling on an adjacent track.
- 29 March 2024: Palghar goods carrier derailment – A goods train derailed near Palghar station in Maharashtra, causing significant disruption to rail traffic between Surat and Mumbai.
- 02 June 2024: Sirhind freight train accident – Details about this accident are limited, but it involved a freight train in Sirhind, Punjab.
- 17 June 2024: Kanchanjunga Express accident – A goods train collided with the Kanchanjunga Express in West Bengal, resulting in 11 deaths and over 60 injuries.
- 18 July 2024: Chandigarh-Dibrugarh train derailment – This incident involved the derailment of the Chandigarh-Dibrugarh Express.
- 29 July 2024: Bihar Sampark Kranti Express incident – Two bogies of the Bihar Sampark Kranti Express detached from the other coaches. While no major casualties were reported, this incident raised concerns about carriage coupling and maintenance.
- 08 August 2024: Howrah-Mumbai Mail derailment – This accident involved a collision with a derailed goods carrier, leading to two deaths and over 20 injuries.
- 14 September 2024: Chhattisgarh Express incident – The Chhattisgarh Express, traveling from Amritsar to Bilaspur, was moving at 130 kmph when it encountered a section of track weakened by soil erosion. This caused the train to tilt dangerously. The danger was averted and there were no casualties in the incident.
- 11 October 2024: Mysuru-Darbhanga Bagmati Express – The Bagmati Express collided with a stationary goods train at Kavaraipettai railway station in Tiruvallur district, Tamil Nadu. It is suspected that the Bagmati Express, despite receiving a green signal, entered a loop line instead of the main line, leading to the collision with the goods train that was stationary on the loop line. At least 19 people were injured in the accident.
It is important to note that this may not be an exhaustive list, and that these incidents are in no way an indicator of laxity on the part of the service provider, or of gross inefficiency or complacency having set in. Also, there might have been other smaller incidents that were not widely reported during the period. Furthermore, the accidents quoted highlight the ongoing challenges faced by Indian Railways in ensuring safety and the need for continued efforts to improve infrastructure, technology, and safety protocols, including the latest cyber security measures.